Vulnerability Recap 4/29/24
William Vance
April 29, 2024
Numerous vulnerabilities have surfaced this week, many of which unveil new facets of existing issues. Palo Alto’s Pan-OS vulnerability, for instance, now affects Siemens products, prompting updated remediation guidance. Similarly, an older Microsoft Windows spooler flaw has made its way onto the CISA KEV list, indicating persistent threats. Additionally, the Cactus Ransomware group is targeting unfixed Qlik Sense servers, exploiting a vulnerability patched back in September 2023.
Whether old or new, vulnerabilities pose significant risks to organizations, regardless of their CVSS severity scores. Evidently, many struggle to keep pace with patching and updating, underscoring the necessity for external assistance, such as patch management as a service or managed service providers (MSPs), to address backlog issues effectively.
April 22, 2024
CISA Adds 2022 Windows Print Spooler Vulnerability to KEV Catalog
Type of vulnerability: Elevation of privilege.
The issue: Microsoft’s Threat Intelligence report sheds light on how a Russian threat group, APT28 or Forest Blizzard, leveraged customized malware to exploit CVE-2022-38028, a vulnerability in the Windows Print Spooler, to gain elevated permissions. Despite being fixed in October 2022 updates, Microsoft warns that the zero-day vulnerability may have been exploited as early as April 2019.
The solution: Microsoft patched the vulnerability in October 2022, but the disclosure of active exploitation prompted the US Cybersecurity and Infrastructure Security Agency (CISA) to add it to the known exploited vulnerabilities (KEV) catalog. Federal agencies have until May 14, 2024, to apply patches or disable vulnerable software.
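A KEV listing comes with a remediation due date, and the practical question for a patch-management team is which catalog entries touch software still unpatched in their estate and how many days remain. The following Python script, added here as an illustration and not part of the recap or of any CISA tooling, parses an excerpt in the shape of CISA's KEV JSON feed (the field names `cveID`, `vendorProject`, `product`, `dateAdded`, `dueDate`, `requiredAction` and `knownRansomwareCampaignUse` are the feed's real ones) and triages the entries against a constructed inventory of unpatched CVEs. The excerpt itself is constructed sample data: only the CVE-2022-38028 due date of 2024-05-14 is taken from the recap; the dates on the CVE-2024-3400 entry are placeholders, and a live run should fetch the current catalog instead.

```python
import json
from datetime import date

# Constructed excerpt mimicking the CISA KEV JSON feed. Field names match the
# real feed; values are sample data except the 2024-05-14 due date for
# CVE-2022-38028, which is the deadline stated in the recap. The dates on the
# CVE-2024-3400 entry are placeholders, not the catalog's actual values.
SAMPLE_KEV_JSON = """
{
  "title": "CISA Catalog of Known Exploited Vulnerabilities (constructed excerpt)",
  "vulnerabilities": [
    {"cveID": "CVE-2022-38028", "vendorProject": "Microsoft",
     "product": "Windows Print Spooler",
     "dateAdded": "2024-04-23", "dueDate": "2024-05-14",
     "requiredAction": "Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.",
     "knownRansomwareCampaignUse": "Unknown"},
    {"cveID": "CVE-2024-3400", "vendorProject": "Palo Alto Networks",
     "product": "PAN-OS",
     "dateAdded": "2024-05-01", "dueDate": "2024-05-20",
     "requiredAction": "Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.",
     "knownRansomwareCampaignUse": "Unknown"}
  ]
}
"""


def load_catalog(raw: str) -> list[dict]:
    """Parse the KEV feed and return its list of vulnerability entries."""
    return json.loads(raw)["vulnerabilities"]


def match_inventory(catalog: list[dict], inventory: list[str]) -> list[dict]:
    """Return the catalog entries whose CVE id is in our list of unpatched CVEs.

    Comparison is case-insensitive because scanner exports vary in casing.
    """
    wanted = {cve.strip().upper() for cve in inventory}
    return [entry for entry in catalog if entry["cveID"].upper() in wanted]


def triage(catalog: list[dict], inventory: list[str], today: date) -> list[tuple]:
    """Return (cveID, days_until_due, status, ransomware_use) rows, most urgent first.

    status is OVERDUE when the due date has passed, DUE_TODAY on the due date,
    and OPEN otherwise. CVEs in the inventory that are not in the catalog are
    simply absent from the result.
    """
    rows = []
    for entry in match_inventory(catalog, inventory):
        due = date.fromisoformat(entry["dueDate"])
        days_left = (due - today).days
        if days_left < 0:
            status = "OVERDUE"
        elif days_left == 0:
            status = "DUE_TODAY"
        else:
            status = "OPEN"
        rows.append((entry["cveID"], days_left, status,
                     entry.get("knownRansomwareCampaignUse", "Unknown")))
    rows.sort(key=lambda row: row[1])
    return rows


if __name__ == "__main__":
    # Constructed inventory: two CVEs from the recap plus one not in the catalog.
    unpatched = ["CVE-2022-38028", "cve-2024-3400", "CVE-2024-27956"]
    for cve, days_left, status, ransomware in triage(
            load_catalog(SAMPLE_KEV_JSON), unpatched, date(2024, 5, 15)):
        print(f"{cve:16} {status:9} days_left={days_left:4} ransomware={ransomware}")
```

Sorting by days remaining puts overdue items at the top of the list, and the ransomware field is carried through because CISA flags it for exactly the kind of campaign the recap describes against Qlik Sense.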
April 23, 2024
Palo Alto Updates Pan-OS Remediation & Siemens RUGGEDCOM Impacted
Type of vulnerability: Command injection vulnerability.
The issue: The CVSS 10.0/10.0 Pan-OS vulnerability (CVE-2024-3400) continues to be a concern, with Siemens revealing that their RUGGEDCOM APE 1808 could come pre-installed with vulnerable Palo Alto next-generation firewalls. Siemens recommends contacting customer service for patches or implementing mitigations, such as disabling GlobalProtect gateway and portal or applying Threat Prevention subscription blocks.
Palo Alto has revised its remediation strategy, offering four potential fixes based on detected compromise levels, ranging from creating a master key to performing a factory reset.
April 24, 2024
Cisco Patches Firewall Vulnerabilities Actively Exploited for Espionage
Type of vulnerability: Command injection, denial of service, persistent local code execution.
The issue: Cisco Talos and Duo Security Research teams uncover zero-day flaws, dubbed Arcane Door, exploited by state actors to exfiltrate network data through Adaptive Security Appliances (ASAs) and Firepower Threat Defense. Cisco recommends immediate device upgrades to mitigate these risks.
Google Patches One Critical & Two High-Severity Chrome Bugs
Type of vulnerability: Out-of-bounds read, type confusion, use-after-free.
The problem: Google addresses multiple security issues in Chrome, including critical- and high-severity vulnerabilities such as CVE-2024-4058, which could lead to arbitrary code execution or sandbox escapes.
Broadcom Patches Brocade SANnav Flaw 19 Months After Discovery
Type of vulnerability: Password storage.
The issue: Brocade’s SANnav management application for storage area networks (SANs) suffered from password storage vulnerabilities, with fixes only issued after 19 months.
April 25, 2024
WP Automatic Plugin for WordPress Actively Exploited to Hijack Websites
Type of vulnerability: SQL injection.
The problem: Attackers exploit CVE-2024-27956 in the WP-Automatic plugin, creating new admin-level user accounts on WordPress websites through SQL injection attacks.
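Two things a site operator can do about an SQL injection flaw of this kind are to make sure their own database code passes user input as parameters rather than splicing it into the query, and to audit for the symptom the recap names: administrator accounts that nobody created on purpose. The following Python script, added here as an illustration and not code from the recap, from WordPress or from the WP-Automatic plugin, builds a miniature of the `wp_users` and `wp_usermeta` tables in SQLite (the table and column names and the serialized `wp_capabilities` value are WordPress's real layout; the rows are constructed sample data), lists administrators registered after a given date who are not on an approved list, and contrasts a concatenated query with a parameterized one on the same input.

```python
import sqlite3


def build_sample_db() -> sqlite3.Connection:
    """Create an in-memory miniature of the WordPress user tables.

    Table/column names and the serialized capability strings follow WordPress;
    the three users are constructed sample data, not from any real site.
    """
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE wp_users (
            ID INTEGER PRIMARY KEY, user_login TEXT, user_email TEXT,
            user_registered TEXT);
        CREATE TABLE wp_usermeta (
            umeta_id INTEGER PRIMARY KEY, user_id INTEGER,
            meta_key TEXT, meta_value TEXT);
        INSERT INTO wp_users VALUES
            (1, 'siteowner', 'owner@example.com',  '2021-03-10 09:15:00'),
            (2, 'editor1',   'editor@example.com', '2023-11-02 14:30:00'),
            (3, 'newadmin',  'newadmin@example.com', '2024-04-24 03:12:45');
        INSERT INTO wp_usermeta VALUES
            (1, 1, 'wp_capabilities', 'a:1:{s:13:"administrator";b:1;}'),
            (2, 2, 'wp_capabilities', 'a:1:{s:6:"editor";b:1;}'),
            (3, 3, 'wp_capabilities', 'a:1:{s:13:"administrator";b:1;}');
    """)
    return conn


def find_admins_registered_since(conn: sqlite3.Connection, since: str,
                                 approved_logins: set[str]) -> list[tuple]:
    """Return (ID, login, email, registered) for administrators created on or
    after `since` (WordPress datetime string) whose login is not approved."""
    rows = conn.execute("""
        SELECT u.ID, u.user_login, u.user_email, u.user_registered
        FROM wp_users u
        JOIN wp_usermeta m ON m.user_id = u.ID
        WHERE m.meta_key = 'wp_capabilities'
          AND m.meta_value LIKE '%"administrator"%'
          AND u.user_registered >= ?
        ORDER BY u.user_registered
    """, (since,)).fetchall()
    return [row for row in rows if row[1] not in approved_logins]


def count_users_by_login_unsafe(conn: sqlite3.Connection, login: str) -> int:
    """The pattern behind SQL injection: the input is spliced into the SQL text,
    so characters in it change the statement rather than staying data."""
    query = f"SELECT COUNT(*) FROM wp_users WHERE user_login = '{login}'"
    return conn.execute(query).fetchone()[0]


def count_users_by_login_safe(conn: sqlite3.Connection, login: str) -> int:
    """Hardened form: the driver binds the value separately from the SQL text."""
    return conn.execute(
        "SELECT COUNT(*) FROM wp_users WHERE user_login = ?", (login,)
    ).fetchone()[0]


def compare_lookups(conn: sqlite3.Connection, login: str) -> tuple[int, bool]:
    """Run both lookups on the same input and return
    (safe_result, unsafe_query_rejected_by_the_database)."""
    safe = count_users_by_login_safe(conn, login)
    try:
        count_users_by_login_unsafe(conn, login)
        unsafe_rejected = False
    except sqlite3.OperationalError:
        unsafe_rejected = True
    return safe, unsafe_rejected


if __name__ == "__main__":
    db = build_sample_db()
    for row in find_admins_registered_since(db, "2024-04-01 00:00:00", {"siteowner"}):
        print("unexpected administrator:", row)
    # A login with an apostrophe is ordinary data to the parameterized query
    # but breaks the concatenated one, which is the root of the problem.
    print(compare_lookups(db, "o'brien"))
```

On a real site the same audit query can be run against MySQL through WP-CLI (`wp db query`); the `since` value would normally be the date the vulnerable plugin version was installed or the date the advisory was published, and the approved list should come from a change-controlled record rather than from memory.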
Unfixed September 2023 Qlik Sense Vulns Under Ransomware Attack
Type of vulnerability: Arbitrary code execution.
The issue: Despite patches released in August and September 2023, many Qlik Sense servers remain unpatched, leaving them exposed to Cactus ransomware attacks.
Ensure prompt software updates and rigorous cybersecurity measures to mitigate these risks effectively.